github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-16 07:05:14 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #5969 from fidencio/topic/bump-image-rs

Browse Source 
CC | agent: Update image-rs to bring stream pulling support
This commit is contained in:
Fabiano Fidêncio 2023-01-03 22:09:51 +01:00 committed by GitHub
commit 715fd0c933
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
44 changed files with 829 additions and 622 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1187
src/agent/Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

4
src/agent/Cargo.toml
View File

@ -71,10 +71,10 @@ openssl = { version = "0.10.38", features = ["vendored"] }
# Image pull/decrypt # Image pull/decrypt
[target.'cfg(target_arch = "s390x")'.dependencies] [target.'cfg(target_arch = "s390x")'.dependencies]
image-rs = { git = "https://github.com/confidential-containers/image-rs", rev = "78a5114444629ad0af82174cb4bbaa1787b627a3", default-features = false, features = ["default_s390x"] } image-rs = { git = "https://github.com/confidential-containers/image-rs", rev = "cf1f7f96eb60ec4cc4aaa671c04d574a4ea0e441", default-features = false, features = ["default_s390x"] }
[target.'cfg(not(target_arch = "s390x"))'.dependencies] [target.'cfg(not(target_arch = "s390x"))'.dependencies]
image-rs = { git = "https://github.com/confidential-containers/image-rs", rev = "78a5114444629ad0af82174cb4bbaa1787b627a3", default-features = true } image-rs = { git = "https://github.com/confidential-containers/image-rs", rev = "cf1f7f96eb60ec4cc4aaa671c04d574a4ea0e441", default-features = true }
[dev-dependencies] [dev-dependencies]
tempfile = "3.1.0" tempfile = "3.1.0"

2
src/agent/rustjail/src/mount.rs
View File

@ -782,7 +782,7 @@ fn mount_from(
Path::new(&dest).parent().unwrap() Path::new(&dest).parent().unwrap()
}; };
fs::create_dir_all(&dir).map_err(|e| { fs::create_dir_all(dir).map_err(|e| {
log_child!( log_child!(
cfd_log, cfd_log,
"create dir {}: {}", "create dir {}: {}",

2
src/agent/rustjail/src/seccomp.rs
View File

@ -63,7 +63,7 @@ pub fn get_unknown_syscalls(scmp: &LinuxSeccomp) -> Option<Vec<String>> {
// init_seccomp creates a seccomp filter and loads it for the current process // init_seccomp creates a seccomp filter and loads it for the current process
// including all the child processes. // including all the child processes.
pub fn init_seccomp(scmp: &LinuxSeccomp) -> Result<()> { pub fn init_seccomp(scmp: &LinuxSeccomp) -> Result<()> {
let def_action = ScmpAction::from_str(scmp.default_action.as_str(), Some(libc::EPERM as i32))?; let def_action = ScmpAction::from_str(scmp.default_action.as_str(), Some(libc::EPERM))?;
// Create a new filter context // Create a new filter context
let mut filter = ScmpFilterContext::new_filter(def_action)?; let mut filter = ScmpFilterContext::new_filter(def_action)?;

12
src/agent/src/device.rs
View File

@ -414,7 +414,7 @@ fn scan_scsi_bus(scsi_addr: &str) -> Result<()> {
// Scan scsi host passing in the channel, SCSI id and LUN. // Scan scsi host passing in the channel, SCSI id and LUN.
// Channel is always 0 because we have only one SCSI controller. // Channel is always 0 because we have only one SCSI controller.
let scan_data = format!("0 {} {}", tokens[0], tokens[1]); let scan_data = &format!("0 {} {}", tokens[0], tokens[1]);
for entry in fs::read_dir(SYSFS_SCSI_HOST_PATH)? { for entry in fs::read_dir(SYSFS_SCSI_HOST_PATH)? {
let host = entry?.file_name(); let host = entry?.file_name();
@ -428,7 +428,7 @@ fn scan_scsi_bus(scsi_addr: &str) -> Result<()> {
let scan_path = PathBuf::from(&format!("{}/{}/{}", SYSFS_SCSI_HOST_PATH, host_str, "scan")); let scan_path = PathBuf::from(&format!("{}/{}/{}", SYSFS_SCSI_HOST_PATH, host_str, "scan"));
fs::write(scan_path, &scan_data)?; fs::write(scan_path, scan_data)?;
} }
Ok(()) Ok(())
@ -1533,7 +1533,7 @@ mod tests {
pci_driver_override(syspci, dev0, "drv_b").unwrap(); pci_driver_override(syspci, dev0, "drv_b").unwrap();
assert_eq!(fs::read_to_string(&dev0override).unwrap(), "drv_b"); assert_eq!(fs::read_to_string(&dev0override).unwrap(), "drv_b");
assert_eq!(fs::read_to_string(&probepath).unwrap(), dev0.to_string()); assert_eq!(fs::read_to_string(&probepath).unwrap(), dev0.to_string());
assert_eq!(fs::read_to_string(&drvaunbind).unwrap(), dev0.to_string()); assert_eq!(fs::read_to_string(drvaunbind).unwrap(), dev0.to_string());
} }
#[test] #[test]
@ -1545,7 +1545,7 @@ mod tests {
let dev0 = pci::Address::new(0, 0, pci::SlotFn::new(0, 0).unwrap()); let dev0 = pci::Address::new(0, 0, pci::SlotFn::new(0, 0).unwrap());
let dev0path = syspci.join("devices").join(dev0.to_string()); let dev0path = syspci.join("devices").join(dev0.to_string());
fs::create_dir_all(&dev0path).unwrap(); fs::create_dir_all(dev0path).unwrap();
// Test dev0 // Test dev0
assert!(pci_iommu_group(&syspci, dev0).unwrap().is_none()); assert!(pci_iommu_group(&syspci, dev0).unwrap().is_none());
@ -1556,7 +1556,7 @@ mod tests {
let dev1group = dev1path.join("iommu_group"); let dev1group = dev1path.join("iommu_group");
fs::create_dir_all(&dev1path).unwrap(); fs::create_dir_all(&dev1path).unwrap();
std::os::unix::fs::symlink("../../../kernel/iommu_groups/12", &dev1group).unwrap(); std::os::unix::fs::symlink("../../../kernel/iommu_groups/12", dev1group).unwrap();
// Test dev1 // Test dev1
assert_eq!( assert_eq!(
@ -1569,7 +1569,7 @@ mod tests {
let dev2path = syspci.join("devices").join(dev2.to_string()); let dev2path = syspci.join("devices").join(dev2.to_string());
let dev2group = dev2path.join("iommu_group"); let dev2group = dev2path.join("iommu_group");
fs::create_dir_all(&dev2group).unwrap(); fs::create_dir_all(dev2group).unwrap();
// Test dev2 // Test dev2
assert!(pci_iommu_group(&syspci, dev2).is_err()); assert!(pci_iommu_group(&syspci, dev2).is_err());

5
src/agent/src/image_rpc.rs
View File

@ -156,7 +156,7 @@ impl ImageService {
} }
info!(sl!(), "use guest pause image cid {:?}", cid); info!(sl!(), "use guest pause image cid {:?}", cid);
let pause_bundle = Path::new(CONTAINER_BASE).join(&cid); let pause_bundle = Path::new(CONTAINER_BASE).join(cid);
let pause_rootfs = pause_bundle.join("rootfs"); let pause_rootfs = pause_bundle.join("rootfs");
let pause_config = pause_bundle.join(CONFIG_JSON); let pause_config = pause_bundle.join(CONFIG_JSON);
let pause_binary = pause_rootfs.join("pause"); let pause_binary = pause_rootfs.join("pause");
@ -263,7 +263,8 @@ impl ImageService {
if Path::new(SKOPEO_PATH).exists() { if Path::new(SKOPEO_PATH).exists() {
// Read the policy path from the agent config // Read the policy path from the agent config
let config_policy_path = &AGENT_CONFIG.read().await.container_policy_path; let config_policy_path = &AGENT_CONFIG.read().await.container_policy_path;
let policy_path = (!config_policy_path.is_empty()).then(|| config_policy_path.as_str()); let policy_path =
(!config_policy_path.is_empty()).then_some(config_policy_path.as_str());
Self::pull_image_from_registry(image, &cid, source_creds, policy_path, aa_kbc_params)?; Self::pull_image_from_registry(image, &cid, source_creds, policy_path, aa_kbc_params)?;
Self::unpack_image(&cid)?; Self::unpack_image(&cid)?;
} else { } else {

6
src/agent/src/mount.rs
View File

@ -648,7 +648,7 @@ pub fn recursive_ownership_change(
) -> Result<()> { ) -> Result<()> {
let mut mask = if read_only { RO_MASK } else { RW_MASK }; let mut mask = if read_only { RO_MASK } else { RW_MASK };
if path.is_dir() { if path.is_dir() {
for entry in fs::read_dir(&path)? { for entry in fs::read_dir(path)? {
recursive_ownership_change(entry?.path().as_path(), uid, gid, read_only)?; recursive_ownership_change(entry?.path().as_path(), uid, gid, read_only)?;
} }
mask |= EXEC_MASK; mask |= EXEC_MASK;
@ -894,7 +894,7 @@ pub fn get_cgroup_mounts(
}]); }]);
} }
let file = File::open(&cg_path)?; let file = File::open(cg_path)?;
let reader = BufReader::new(file); let reader = BufReader::new(file);
let mut has_device_cgroup = false; let mut has_device_cgroup = false;
@ -1777,7 +1777,7 @@ mod tests {
let tempdir = tempdir().unwrap(); let tempdir = tempdir().unwrap();
let src = if d.mask_src { let src = if d.mask_src {
tempdir.path().join(&d.src) tempdir.path().join(d.src)
} else { } else {
Path::new(d.src).to_path_buf() Path::new(d.src).to_path_buf()
}; };

5
src/agent/src/namespace.rs
View File

@ -78,6 +78,7 @@ impl Namespace {
// setup creates persistent namespace without switching to it. // setup creates persistent namespace without switching to it.
// Note, pid namespaces cannot be persisted. // Note, pid namespaces cannot be persisted.
#[instrument] #[instrument]
#[allow(clippy::question_mark)]
pub async fn setup(mut self) -> Result<Self> { pub async fn setup(mut self) -> Result<Self> {
fs::create_dir_all(&self.persistent_ns_dir)?; fs::create_dir_all(&self.persistent_ns_dir)?;
@ -88,7 +89,7 @@ impl Namespace {
} }
let logger = self.logger.clone(); let logger = self.logger.clone();
let new_ns_path = ns_path.join(&ns_type.get()); let new_ns_path = ns_path.join(ns_type.get());
File::create(new_ns_path.as_path())?; File::create(new_ns_path.as_path())?;
@ -102,7 +103,7 @@ impl Namespace {
let source = Path::new(&origin_ns_path); let source = Path::new(&origin_ns_path);
let destination = new_ns_path.as_path(); let destination = new_ns_path.as_path();
File::open(&source)?; File::open(source)?;
// Create a new netns on the current thread. // Create a new netns on the current thread.
let cf = ns_type.get_flags(); let cf = ns_type.get_flags();

12
src/agent/src/netlink.rs
View File

@ -946,13 +946,13 @@ mod tests {
fn clean_env_for_test_add_one_arp_neighbor(dummy_name: &str, ip: &str) { fn clean_env_for_test_add_one_arp_neighbor(dummy_name: &str, ip: &str) {
// ip link delete dummy // ip link delete dummy
Command::new("ip") Command::new("ip")
.args(&["link", "delete", dummy_name]) .args(["link", "delete", dummy_name])
.output() .output()
.expect("prepare: failed to delete dummy"); .expect("prepare: failed to delete dummy");
// ip neigh del dev dummy ip // ip neigh del dev dummy ip
Command::new("ip") Command::new("ip")
.args(&["neigh", "del", dummy_name, ip]) .args(["neigh", "del", dummy_name, ip])
.output() .output()
.expect("prepare: failed to delete neigh"); .expect("prepare: failed to delete neigh");
} }
@ -967,19 +967,19 @@ mod tests {
// ip link add dummy type dummy // ip link add dummy type dummy
Command::new("ip") Command::new("ip")
.args(&["link", "add", dummy_name, "type", "dummy"]) .args(["link", "add", dummy_name, "type", "dummy"])
.output() .output()
.expect("failed to add dummy interface"); .expect("failed to add dummy interface");
// ip addr add 192.168.0.2/16 dev dummy // ip addr add 192.168.0.2/16 dev dummy
Command::new("ip") Command::new("ip")
.args(&["addr", "add", "192.168.0.2/16", "dev", dummy_name]) .args(["addr", "add", "192.168.0.2/16", "dev", dummy_name])
.output() .output()
.expect("failed to add ip for dummy"); .expect("failed to add ip for dummy");
// ip link set dummy up; // ip link set dummy up;
Command::new("ip") Command::new("ip")
.args(&["link", "set", dummy_name, "up"]) .args(["link", "set", dummy_name, "up"])
.output() .output()
.expect("failed to up dummy"); .expect("failed to up dummy");
} }
@ -1011,7 +1011,7 @@ mod tests {
// ip neigh show dev dummy ip // ip neigh show dev dummy ip
let stdout = Command::new("ip") let stdout = Command::new("ip")
.args(&["neigh", "show", "dev", dummy_name, to_ip]) .args(["neigh", "show", "dev", dummy_name, to_ip])
.output() .output()
.expect("failed to show neigh") .expect("failed to show neigh")
.stdout; .stdout;

2
src/agent/src/network.rs
View File

@ -64,7 +64,7 @@ fn do_setup_guest_dns(logger: Logger, dns_list: Vec<String>, src: &str, dst: &st
.map(|x| x.trim()) .map(|x| x.trim())
.collect::<Vec<&str>>() .collect::<Vec<&str>>()
.join("\n"); .join("\n");
fs::write(src, &content)?; fs::write(src, content)?;
// bind mount to /etc/resolv.conf // bind mount to /etc/resolv.conf
mount::mount(Some(src), dst, Some("bind"), MsFlags::MS_BIND, None::<&str>) mount::mount(Some(src), dst, Some("bind"), MsFlags::MS_BIND, None::<&str>)

17
src/agent/src/rpc.rs
View File

@ -154,16 +154,9 @@ pub struct AgentService {
pub fn verify_cid(id: &str) -> Result<()> { pub fn verify_cid(id: &str) -> Result<()> {
let mut chars = id.chars(); let mut chars = id.chars();
let valid = match chars.next() { let valid = matches!(chars.next(), Some(first) if first.is_alphanumeric()
Some(first)
if first.is_alphanumeric()
&& id.len() > 1 && id.len() > 1
&& chars.all(|c| c.is_alphanumeric() || ['.', '-', '_'].contains(&c)) => && chars.all(|c| c.is_alphanumeric() || ['.', '-', '_'].contains(&c)));
{
true
}
_ => false,
};
match valid { match valid {
true => Ok(()), true => Ok(()),
@ -247,7 +240,7 @@ impl AgentService {
); );
Command::new(INIT_TRUSTED_STORAGE) Command::new(INIT_TRUSTED_STORAGE)
.args(&[&dev_major_minor, &data_integrity.to_string()]) .args([&dev_major_minor, &data_integrity.to_string()])
.output() .output()
.expect("Failed to initialize confidential storage"); .expect("Failed to initialize confidential storage");
} }
@ -3073,7 +3066,7 @@ COMMIT
.unwrap(); .unwrap();
assert!(!result.data.is_empty(), "we should have non-zero output:"); assert!(!result.data.is_empty(), "we should have non-zero output:");
assert!( assert!(
std::str::from_utf8(&*result.data).unwrap().contains( std::str::from_utf8(&result.data).unwrap().contains(
"PREROUTING -d 192.168.103.153/32 -j DNAT --to-destination 192.168.188.153" "PREROUTING -d 192.168.103.153/32 -j DNAT --to-destination 192.168.188.153"
), ),
"We should see the resulting rule" "We should see the resulting rule"
@ -3111,7 +3104,7 @@ COMMIT
.unwrap(); .unwrap();
assert!(!result.data.is_empty(), "we should have non-zero output:"); assert!(!result.data.is_empty(), "we should have non-zero output:");
assert!( assert!(
std::str::from_utf8(&*result.data) std::str::from_utf8(&result.data)
.unwrap() .unwrap()
.contains("INPUT -s 2001:db8:100::1/128 -i sit+ -p tcp -m tcp --sport 512:65535"), .contains("INPUT -s 2001:db8:100::1/128 -i sit+ -p tcp -m tcp --sport 512:65535"),
"We should see the resulting rule" "We should see the resulting rule"

2
src/agent/src/sandbox.rs
View File

@ -1074,7 +1074,7 @@ mod tests {
fs::create_dir(&subdir_path).unwrap(); fs::create_dir(&subdir_path).unwrap();
for file in j.files { for file in j.files {
let subfile_path = format!("{}/{}", subdir_path, file.name); let subfile_path = format!("{}/{}", subdir_path, file.name);
let mut subfile = File::create(&subfile_path).unwrap(); let mut subfile = File::create(subfile_path).unwrap();
subfile.write_all(file.content.as_bytes()).unwrap(); subfile.write_all(file.content.as_bytes()).unwrap();
} }
} }

10
src/agent/src/watcher.rs
View File

@ -124,7 +124,7 @@ impl Storage {
// if we are creating a directory: just create it, nothing more to do // if we are creating a directory: just create it, nothing more to do
if metadata.file_type().is_dir() { if metadata.file_type().is_dir() {
let dest_file_path = self.make_target_path(&source_file_path)?; let dest_file_path = self.make_target_path(source_file_path)?;
fs::create_dir_all(&dest_file_path) fs::create_dir_all(&dest_file_path)
.await .await
@ -152,7 +152,7 @@ impl Storage {
// Assume target mount is a file path // Assume target mount is a file path
self.target_mount_point.clone() self.target_mount_point.clone()
} else { } else {
let dest_file_path = self.make_target_path(&source_file_path)?; let dest_file_path = self.make_target_path(source_file_path)?;
if let Some(path) = dest_file_path.parent() { if let Some(path) = dest_file_path.parent() {
debug!(logger, "Creating destination directory: {}", path.display()); debug!(logger, "Creating destination directory: {}", path.display());
@ -778,7 +778,7 @@ mod tests {
22 22
); );
assert_eq!( assert_eq!(
fs::read_to_string(&entries.0[0].target_mount_point.as_path().join("1.txt")).unwrap(), fs::read_to_string(entries.0[0].target_mount_point.as_path().join("1.txt")).unwrap(),
"updated" "updated"
); );
@ -823,7 +823,7 @@ mod tests {
2 2
); );
assert_eq!( assert_eq!(
fs::read_to_string(&entries.0[1].target_mount_point.as_path().join("foo.txt")).unwrap(), fs::read_to_string(entries.0[1].target_mount_point.as_path().join("foo.txt")).unwrap(),
"updated" "updated"
); );
@ -1000,7 +1000,7 @@ mod tests {
// create a path we'll remove later // create a path we'll remove later
fs::create_dir_all(source_dir.path().join("tmp")).unwrap(); fs::create_dir_all(source_dir.path().join("tmp")).unwrap();
fs::write(&source_dir.path().join("tmp/test-file"), "foo").unwrap(); fs::write(source_dir.path().join("tmp/test-file"), "foo").unwrap();
assert_eq!(entry.scan(&logger).await.unwrap(), 3); // root, ./tmp, test-file assert_eq!(entry.scan(&logger).await.unwrap(), 3); // root, ./tmp, test-file
// Verify expected directory, file: // Verify expected directory, file:

6
src/dragonball/src/address_space_manager.rs
View File

@ -401,9 +401,9 @@ impl AddressSpaceMgr {
let flags = 0u32; let flags = 0u32;
let mem_region = kvm_userspace_memory_region { let mem_region = kvm_userspace_memory_region {
slot: slot as u32, slot,
guest_phys_addr: reg.start_addr().raw_value(), guest_phys_addr: reg.start_addr().raw_value(),
memory_size: reg.len() as u64, memory_size: reg.len(),
userspace_addr: host_addr as u64, userspace_addr: host_addr as u64,
flags, flags,
}; };
@ -421,7 +421,7 @@ impl AddressSpaceMgr {
self.base_to_slot self.base_to_slot
.lock() .lock()
.unwrap() .unwrap()
.insert(reg.start_addr().raw_value(), slot as u32); .insert(reg.start_addr().raw_value(), slot);
Ok(()) Ok(())
} }

6
src/dragonball/src/resource_manager.rs
View File

@ -420,6 +420,7 @@ impl ResourceManager {
} }
/// Allocate requested resources for a device. /// Allocate requested resources for a device.
#[allow(clippy::question_mark)]
pub fn allocate_device_resources( pub fn allocate_device_resources(
&self, &self,
requests: &[ResourceConstraint], requests: &[ResourceConstraint],
@ -435,10 +436,7 @@ impl ResourceManager {
constraint.max = r.1 as u64; constraint.max = r.1 as u64;
} }
match self.allocate_pio_address(&constraint) { match self.allocate_pio_address(&constraint) {
Some(base) => Resource::PioAddressRange { Some(base) => Resource::PioAddressRange { base, size: *size },
base: base as u16,
size: *size,
},
None => { None => {
if let Err(e) = self.free_device_resources(&resources) { if let Err(e) = self.free_device_resources(&resources) {
return Err(e); return Err(e);

2
src/dragonball/src/signal_handler.rs
View File

@ -41,7 +41,7 @@ extern "C" fn sigsys_handler(num: c_int, info: *mut siginfo_t, _unused: *mut c_v
let si_code = unsafe { (*info).si_code }; let si_code = unsafe { (*info).si_code };
// Sanity check. The condition should never be true. // Sanity check. The condition should never be true.
if num != si_signo || num != SIGSYS || si_code != SYS_SECCOMP_CODE as i32 { if num != si_signo || num != SIGSYS || si_code != SYS_SECCOMP_CODE {
// Safe because we're terminating the process anyway. // Safe because we're terminating the process anyway.
unsafe { _exit(i32::from(super::EXIT_CODE_UNEXPECTED_ERROR)) }; unsafe { _exit(i32::from(super::EXIT_CODE_UNEXPECTED_ERROR)) };
} }

6
src/dragonball/src/vcpu/x86_64.rs
View File

@ -96,14 +96,14 @@ impl Vcpu {
if let Some(start_addr) = kernel_start_addr { if let Some(start_addr) = kernel_start_addr {
dbs_arch::regs::setup_regs( dbs_arch::regs::setup_regs(
&self.fd, &self.fd,
start_addr.raw_value() as u64, start_addr.raw_value(),
dbs_boot::layout::BOOT_STACK_POINTER, dbs_boot::layout::BOOT_STACK_POINTER,
dbs_boot::layout::BOOT_STACK_POINTER, dbs_boot::layout::BOOT_STACK_POINTER,
dbs_boot::layout::ZERO_PAGE_START, dbs_boot::layout::ZERO_PAGE_START,
) )
.map_err(VcpuError::REGSConfiguration)?; .map_err(VcpuError::REGSConfiguration)?;
dbs_arch::regs::setup_fpu(&self.fd).map_err(VcpuError::FPUConfiguration)?; dbs_arch::regs::setup_fpu(&self.fd).map_err(VcpuError::FPUConfiguration)?;
let gdt_table: [u64; dbs_boot::layout::BOOT_GDT_MAX as usize] = [ let gdt_table: [u64; dbs_boot::layout::BOOT_GDT_MAX] = [
gdt_entry(0, 0, 0), // NULL gdt_entry(0, 0, 0), // NULL
gdt_entry(0xa09b, 0, 0xfffff), // CODE gdt_entry(0xa09b, 0, 0xfffff), // CODE
gdt_entry(0xc093, 0, 0xfffff), // DATA gdt_entry(0xc093, 0, 0xfffff), // DATA
@ -129,7 +129,7 @@ impl Vcpu {
fn set_cpuid(&mut self, vcpu_config: &VcpuConfig) -> Result<()> { fn set_cpuid(&mut self, vcpu_config: &VcpuConfig) -> Result<()> {
let cpuid_vm_spec = VmSpec::new( let cpuid_vm_spec = VmSpec::new(
self.id, self.id,
vcpu_config.max_vcpu_count as u8, vcpu_config.max_vcpu_count,
vcpu_config.threads_per_core, vcpu_config.threads_per_core,
vcpu_config.cores_per_die, vcpu_config.cores_per_die,
vcpu_config.dies_per_socket, vcpu_config.dies_per_socket,

6
src/dragonball/src/vm/x86_64.rs
View File

@ -81,10 +81,10 @@ fn configure_system<M: GuestMemory>(
if mem_end < mmio_start { if mem_end < mmio_start {
add_e820_entry( add_e820_entry(
&mut params.0, &mut params.0,
himem_start.raw_value() as u64, himem_start.raw_value(),
// it's safe to use unchecked_offset_from because // it's safe to use unchecked_offset_from because
// mem_end > himem_start // mem_end > himem_start
mem_end.unchecked_offset_from(himem_start) as u64 + 1, mem_end.unchecked_offset_from(himem_start) + 1,
bootparam::E820_RAM, bootparam::E820_RAM,
) )
.map_err(Error::BootSystem)?; .map_err(Error::BootSystem)?;
@ -103,7 +103,7 @@ fn configure_system<M: GuestMemory>(
&mut params.0, &mut params.0,
mmio_end.raw_value() + 1, mmio_end.raw_value() + 1,
// it's safe to use unchecked_offset_from because mem_end > mmio_end // it's safe to use unchecked_offset_from because mem_end > mmio_end
mem_end.unchecked_offset_from(mmio_end) as u64, mem_end.unchecked_offset_from(mmio_end),
bootparam::E820_RAM, bootparam::E820_RAM,
) )
.map_err(Error::BootSystem)?; .map_err(Error::BootSystem)?;

2
src/libs/kata-sys-util/src/fs.rs
View File

@ -145,7 +145,7 @@ pub fn reflink_copy<S: AsRef<Path>, D: AsRef<Path>>(src: S, dst: D) -> Result<()
// Copy file using cp command, which handles sparse file copy. // Copy file using cp command, which handles sparse file copy.
fn do_regular_copy(src: &str, dst: &str) -> Result<()> { fn do_regular_copy(src: &str, dst: &str) -> Result<()> {
let mut cmd = Command::new("/bin/cp"); let mut cmd = Command::new("/bin/cp");
cmd.args(&["--sparse=auto", src, dst]); cmd.args(["--sparse=auto", src, dst]);
match cmd.output() { match cmd.output() {
Ok(output) => match output.status.success() { Ok(output) => match output.status.success() {

10
src/libs/kata-sys-util/src/mount.rs
View File

@ -592,7 +592,7 @@ fn compact_lowerdir_option(opts: &[String]) -> (Option<PathBuf>, Vec<String>) {
} }
}; };
let idx = idx as usize; let idx = idx;
let common_dir = match get_longest_common_prefix(&lower_opts) { let common_dir = match get_longest_common_prefix(&lower_opts) {
None => return (None, n_opts), None => return (None, n_opts),
Some(v) => { Some(v) => {
@ -620,7 +620,7 @@ fn compact_lowerdir_option(opts: &[String]) -> (Option<PathBuf>, Vec<String>) {
.iter() .iter()
.map(|c| c.replace(&common_prefix, "")) .map(|c| c.replace(&common_prefix, ""))
.collect(); .collect();
n_opts[idx as usize] = format!("lowerdir={}", lower.join(":")); n_opts[idx] = format!("lowerdir={}", lower.join(":"));
(Some(common_dir), n_opts) (Some(common_dir), n_opts)
} }
@ -820,11 +820,11 @@ mod tests {
let tmpdir2 = tempfile::tempdir().unwrap(); let tmpdir2 = tempfile::tempdir().unwrap();
assert!(matches!( assert!(matches!(
bind_remount(&PathBuf::from(""), true), bind_remount(PathBuf::from(""), true),
Err(Error::NullMountPointPath) Err(Error::NullMountPointPath)
)); ));
assert!(matches!( assert!(matches!(
bind_remount(&PathBuf::from("../______doesn't____exist____nnn"), true), bind_remount(PathBuf::from("../______doesn't____exist____nnn"), true),
Err(Error::InvalidPath(_)) Err(Error::InvalidPath(_))
)); ));
@ -1066,7 +1066,7 @@ mod tests {
.unwrap_err(); .unwrap_err();
let src = path.join("src"); let src = path.join("src");
fs::write(&src, "test").unwrap(); fs::write(src, "test").unwrap();
let dst = path.join("dst"); let dst = path.join("dst");
fs::write(&dst, "test1").unwrap(); fs::write(&dst, "test1").unwrap();
mount_at( mount_at(

4
src/libs/kata-sys-util/src/numa.rs
View File

@ -37,9 +37,9 @@ pub type Result<T> = std::result::Result<T, Error>;
lazy_static! { lazy_static! {
static ref SYS_FS_PREFIX: PathBuf = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("test/texture"); static ref SYS_FS_PREFIX: PathBuf = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("test/texture");
// numa node file for UT, we can mock data // numa node file for UT, we can mock data
static ref NUMA_NODE_PATH: PathBuf = (&*SYS_FS_PREFIX).join("sys/devices/system/node"); static ref NUMA_NODE_PATH: PathBuf = (*SYS_FS_PREFIX).join("sys/devices/system/node");
// sysfs directory for CPU devices // sysfs directory for CPU devices
static ref NUMA_CPU_PATH: PathBuf = (&*SYS_FS_PREFIX).join("sys/devices/system/cpu"); static ref NUMA_CPU_PATH: PathBuf = (*SYS_FS_PREFIX).join("sys/devices/system/cpu");
} }
// global config in release // global config in release

11
src/libs/kata-sys-util/src/validate.rs
View File

@ -17,16 +17,9 @@ pub enum Error {
pub fn verify_id(id: &str) -> Result<(), Error> { pub fn verify_id(id: &str) -> Result<(), Error> {
let mut chars = id.chars(); let mut chars = id.chars();
let valid = match chars.next() { let valid = matches!(chars.next(), Some(first) if first.is_alphanumeric()
Some(first)
if first.is_alphanumeric()
&& id.len() > 1 && id.len() > 1
&& chars.all(|c| c.is_alphanumeric() || ['.', '-', '_'].contains(&c)) => && chars.all(|c| c.is_alphanumeric() || ['.', '-', '_'].contains(&c)));
{
true
}
_ => false,
};
match valid { match valid {
true => Ok(()), true => Ok(()),

6
src/libs/kata-types/src/config/drop_in.rs
View File

@ -240,7 +240,7 @@ mod drop_in_directory_handling {
"drop-in cfg file can only be a regular file or a symlink", "drop-in cfg file can only be a regular file or a symlink",
)); ));
} }
let dropin_contents = fs::read_to_string(&dropin_file.path())?; let dropin_contents = fs::read_to_string(dropin_file.path())?;
let dropin_config: toml::Value = toml::from_str(&dropin_contents)?; let dropin_config: toml::Value = toml::from_str(&dropin_contents)?;
super::toml_tree_ops::merge(base_config, dropin_config); super::toml_tree_ops::merge(base_config, dropin_config);
Ok(()) Ok(())
@ -267,7 +267,7 @@ mod drop_in_directory_handling {
} }
pub fn load(base_cfg_file_path: &Path) -> Result<TomlConfig> { pub fn load(base_cfg_file_path: &Path) -> Result<TomlConfig> {
let base_toml_str = fs::read_to_string(&base_cfg_file_path)?; let base_toml_str = fs::read_to_string(base_cfg_file_path)?;
let mut base_config: toml::Value = toml::from_str(&base_toml_str)?; let mut base_config: toml::Value = toml::from_str(&base_toml_str)?;
let dropin_dir = get_dropin_dir_path(base_cfg_file_path)?; let dropin_dir = get_dropin_dir_path(base_cfg_file_path)?;
@ -324,7 +324,7 @@ mod drop_in_directory_handling {
create_file(&config_path, BASE_CONFIG_DATA.as_bytes()).unwrap(); create_file(&config_path, BASE_CONFIG_DATA.as_bytes()).unwrap();
let dropin_dir = tmpdir.path().join("config.d"); let dropin_dir = tmpdir.path().join("config.d");
fs::create_dir(&dropin_dir).unwrap(); fs::create_dir(dropin_dir).unwrap();
let config = load(&config_path).unwrap(); let config = load(&config_path).unwrap();
check_base_config(&config); check_base_config(&config);

2
src/libs/kata-types/src/config/hypervisor/mod.rs
View File

@ -1133,7 +1133,7 @@ mod tests {
}, },
output: CpuInfo { output: CpuInfo {
cpu_features: "".to_string(), cpu_features: "".to_string(),
default_vcpus: default_vcpus as i32, default_vcpus,
default_maxvcpus: node_cpus, default_maxvcpus: node_cpus,
}, },
}, },

4
src/libs/kata-types/tests/test_config.rs
View File

@ -340,7 +340,7 @@ mod tests {
let path = env!("CARGO_MANIFEST_DIR"); let path = env!("CARGO_MANIFEST_DIR");
let path = Path::new(path).join("tests/texture/configuration-anno-0.toml"); let path = Path::new(path).join("tests/texture/configuration-anno-0.toml");
let content = fs::read_to_string(&path).unwrap(); let content = fs::read_to_string(path).unwrap();
let mut config = TomlConfig::load(&content).unwrap(); let mut config = TomlConfig::load(&content).unwrap();
assert!(anno.update_config_by_annotation(&mut config).is_err()); assert!(anno.update_config_by_annotation(&mut config).is_err());
} }
@ -349,7 +349,7 @@ mod tests {
fn test_fail_to_change_kernel_path_because_of_invalid_path() { fn test_fail_to_change_kernel_path_because_of_invalid_path() {
let path = env!("CARGO_MANIFEST_DIR"); let path = env!("CARGO_MANIFEST_DIR");
let path = Path::new(path).join("tests/texture/configuration-anno-0.toml"); let path = Path::new(path).join("tests/texture/configuration-anno-0.toml");
let content = fs::read_to_string(&path).unwrap(); let content = fs::read_to_string(path).unwrap();
let qemu = QemuConfig::new(); let qemu = QemuConfig::new();
qemu.register(); qemu.register();

4
src/libs/logging/src/file_rotate.rs
View File

@ -168,12 +168,12 @@ impl FileRotator {
#[cfg(test)] #[cfg(test)]
if !self.fail_rename && self.path.exists() { if !self.fail_rename && self.path.exists() {
let rotated_path = self.rotated_path(1); let rotated_path = self.rotated_path(1);
let _ = fs::rename(&self.path, &rotated_path); let _ = fs::rename(&self.path, rotated_path);
} }
#[cfg(not(test))] #[cfg(not(test))]
if self.path.exists() { if self.path.exists() {
let rotated_path = self.rotated_path(1); let rotated_path = self.rotated_path(1);
let _ = fs::rename(&self.path, &rotated_path); let _ = fs::rename(&self.path, rotated_path);
} }
let delete_path = self.rotated_path(self.rotate_keep + 1); let delete_path = self.rotated_path(self.rotate_keep + 1);

1
src/libs/logging/src/lib.rs
View File

@ -499,6 +499,7 @@ mod tests {
let error_closure = |logger: &Logger, msg: String| error!(logger, "{}", msg); let error_closure = |logger: &Logger, msg: String| error!(logger, "{}", msg);
let critical_closure = |logger: &Logger, msg: String| crit!(logger, "{}", msg); let critical_closure = |logger: &Logger, msg: String| crit!(logger, "{}", msg);
#[allow(clippy::type_complexity)]
struct TestData<'a> { struct TestData<'a> {
slog_level: slog::Level, slog_level: slog::Level,
slog_level_tag: &'a str, slog_level_tag: &'a str,

8
src/libs/protocols/build.rs
View File

@ -17,7 +17,7 @@ fn replace_text_in_file(file_name: &str, from: &str, to: &str) -> Result<(), std
let new_contents = contents.replace(from, to); let new_contents = contents.replace(from, to);
let mut dst = File::create(&file_name)?; let mut dst = File::create(file_name)?;
dst.write_all(new_contents.as_bytes())?; dst.write_all(new_contents.as_bytes())?;
Ok(()) Ok(())
@ -67,7 +67,7 @@ fn handle_file(autogen_comment: &str, rust_filename: &str) -> Result<(), std::io
let pattern = "//! Generated file from"; let pattern = "//! Generated file from";
if line.starts_with(&pattern) { if line.starts_with(pattern) {
new_contents.push(autogen_comment.into()); new_contents.push(autogen_comment.into());
} }
@ -76,14 +76,14 @@ fn handle_file(autogen_comment: &str, rust_filename: &str) -> Result<(), std::io
// Although we've requested serde support via `Customize`, to // Although we've requested serde support via `Customize`, to
// allow the `kata-agent-ctl` tool to partially deserialise structures // allow the `kata-agent-ctl` tool to partially deserialise structures
// specified in JSON, we need this bit of additional magic. // specified in JSON, we need this bit of additional magic.
if line.starts_with(&struct_pattern) { if line.starts_with(struct_pattern) {
new_contents.insert(new_contents.len() - 1, serde_default_code.trim().into()); new_contents.insert(new_contents.len() - 1, serde_default_code.trim().into());
} }
} }
let data = new_contents.join("\n"); let data = new_contents.join("\n");
let mut dst = File::create(&rust_filename)?; let mut dst = File::create(rust_filename)?;
dst.write_all(data.as_bytes())?; dst.write_all(data.as_bytes())?;

12
src/libs/protocols/src/trans.rs
View File

@ -106,8 +106,8 @@ impl From<oci::LinuxDeviceCgroup> for crate::oci::LinuxDeviceCgroup {
crate::oci::LinuxDeviceCgroup { crate::oci::LinuxDeviceCgroup {
Allow: from.allow, Allow: from.allow,
Type: from.r#type.map_or("".to_string(), |t| t as String), Type: from.r#type.map_or("".to_string(), |t| t as String),
Major: from.major.map_or(0, |t| t as i64), Major: from.major.map_or(0, |t| t),
Minor: from.minor.map_or(0, |t| t as i64), Minor: from.minor.map_or(0, |t| t),
Access: from.access, Access: from.access,
unknown_fields: Default::default(), unknown_fields: Default::default(),
cached_size: Default::default(), cached_size: Default::default(),
@ -123,7 +123,7 @@ impl From<oci::LinuxMemory> for crate::oci::LinuxMemory {
Swap: from.swap.map_or(0, |t| t), Swap: from.swap.map_or(0, |t| t),
Kernel: from.kernel.map_or(0, |t| t), Kernel: from.kernel.map_or(0, |t| t),
KernelTCP: from.kernel_tcp.map_or(0, |t| t), KernelTCP: from.kernel_tcp.map_or(0, |t| t),
Swappiness: from.swappiness.map_or(0, |t| t as u64), Swappiness: from.swappiness.map_or(0, |t| t),
DisableOOMKiller: from.disable_oom_killer.map_or(false, |t| t), DisableOOMKiller: from.disable_oom_killer.map_or(false, |t| t),
unknown_fields: Default::default(), unknown_fields: Default::default(),
cached_size: Default::default(), cached_size: Default::default(),
@ -332,7 +332,7 @@ impl From<oci::LinuxDevice> for crate::oci::LinuxDevice {
Type: from.r#type, Type: from.r#type,
Major: from.major, Major: from.major,
Minor: from.minor, Minor: from.minor,
FileMode: from.file_mode.map_or(0, |v| v as u32), FileMode: from.file_mode.map_or(0, |v| v),
UID: from.uid.map_or(0, |v| v), UID: from.uid.map_or(0, |v| v),
GID: from.gid.map_or(0, |v| v), GID: from.gid.map_or(0, |v| v),
unknown_fields: Default::default(), unknown_fields: Default::default(),
@ -468,12 +468,12 @@ impl From<crate::oci::LinuxDeviceCgroup> for oci::LinuxDeviceCgroup {
fn from(mut from: crate::oci::LinuxDeviceCgroup) -> Self { fn from(mut from: crate::oci::LinuxDeviceCgroup) -> Self {
let mut major = None; let mut major = None;
if from.get_Major() > 0 { if from.get_Major() > 0 {
major = Some(from.get_Major() as i64); major = Some(from.get_Major());
} }
let mut minor = None; let mut minor = None;
if from.get_Minor() > 0 { if from.get_Minor() > 0 {
minor = Some(from.get_Minor() as i64) minor = Some(from.get_Minor())
} }
oci::LinuxDeviceCgroup { oci::LinuxDeviceCgroup {

4
src/libs/safe-path/src/pinned_path_buf.rs
View File

@ -295,7 +295,7 @@ mod tests {
barrier2.wait(); barrier2.wait();
}); });
let path = scoped_join(&root_path, "s").unwrap(); let path = scoped_join(root_path, "s").unwrap();
let data = fs::read_to_string(&path).unwrap(); let data = fs::read_to_string(&path).unwrap();
assert_eq!(&data, "a"); assert_eq!(&data, "a");
assert!(path.is_file()); assert!(path.is_file());
@ -306,7 +306,7 @@ mod tests {
assert_eq!(&data, "b"); assert_eq!(&data, "b");
PinnedPathBuf::from_path(&path).unwrap_err(); PinnedPathBuf::from_path(&path).unwrap_err();
let pinned_path = PinnedPathBuf::new(&root_path, "s").unwrap(); let pinned_path = PinnedPathBuf::new(root_path, "s").unwrap();
let data = fs::read_to_string(&pinned_path).unwrap(); let data = fs::read_to_string(&pinned_path).unwrap();
assert_eq!(&data, "b"); assert_eq!(&data, "b");

8
src/libs/safe-path/src/scoped_dir_builder.rs
View File

@ -173,7 +173,7 @@ mod tests {
fs::write(rootfs_path.join("txt"), "test").unwrap(); fs::write(rootfs_path.join("txt"), "test").unwrap();
ScopedDirBuilder::new(rootfs_path.join("txt")).unwrap_err(); ScopedDirBuilder::new(rootfs_path.join("txt")).unwrap_err();
let mut builder = ScopedDirBuilder::new(&rootfs_path).unwrap(); let mut builder = ScopedDirBuilder::new(rootfs_path).unwrap();
// file with the same name already exists. // file with the same name already exists.
builder builder
@ -268,7 +268,7 @@ mod tests {
symlink(rootfs_dir.path().join("b"), rootfs_dir.path().join("a")).unwrap(); symlink(rootfs_dir.path().join("b"), rootfs_dir.path().join("a")).unwrap();
let rootfs_path = &rootfs_dir.path().join("a"); let rootfs_path = &rootfs_dir.path().join("a");
let mut builder = ScopedDirBuilder::new(&rootfs_path).unwrap(); let mut builder = ScopedDirBuilder::new(rootfs_path).unwrap();
builder.create_with_unscoped_path("/").unwrap_err(); builder.create_with_unscoped_path("/").unwrap_err();
builder builder
.create_with_unscoped_path(rootfs_path.join("../__xxxx___xxx__")) .create_with_unscoped_path(rootfs_path.join("../__xxxx___xxx__"))
@ -278,13 +278,13 @@ mod tests {
.unwrap_err(); .unwrap_err();
// Return `AlreadyExist` when recursive is false // Return `AlreadyExist` when recursive is false
builder.create_with_unscoped_path(&rootfs_path).unwrap_err(); builder.create_with_unscoped_path(rootfs_path).unwrap_err();
builder builder
.create_with_unscoped_path(rootfs_path.join(".")) .create_with_unscoped_path(rootfs_path.join("."))
.unwrap_err(); .unwrap_err();
builder.recursive(true); builder.recursive(true);
builder.create_with_unscoped_path(&rootfs_path).unwrap(); builder.create_with_unscoped_path(rootfs_path).unwrap();
builder builder
.create_with_unscoped_path(rootfs_path.join(".")) .create_with_unscoped_path(rootfs_path.join("."))
.unwrap(); .unwrap();

32
src/libs/safe-path/src/scoped_path_resolver.rs
View File

@ -329,31 +329,31 @@ mod tests {
let rootfs_path = &rootfs_dir.path(); let rootfs_path = &rootfs_dir.path();
assert_eq!( assert_eq!(
scoped_join(&rootfs_path, "a").unwrap(), scoped_join(rootfs_path, "a").unwrap(),
rootfs_path.join("a") rootfs_path.join("a")
); );
assert_eq!( assert_eq!(
scoped_join(&rootfs_path, "./a").unwrap(), scoped_join(rootfs_path, "./a").unwrap(),
rootfs_path.join("a") rootfs_path.join("a")
); );
assert_eq!( assert_eq!(
scoped_join(&rootfs_path, "././a").unwrap(), scoped_join(rootfs_path, "././a").unwrap(),
rootfs_path.join("a") rootfs_path.join("a")
); );
assert_eq!( assert_eq!(
scoped_join(&rootfs_path, "c/d/../../a").unwrap(), scoped_join(rootfs_path, "c/d/../../a").unwrap(),
rootfs_path.join("a") rootfs_path.join("a")
); );
assert_eq!( assert_eq!(
scoped_join(&rootfs_path, "c/d/../../../.././a").unwrap(), scoped_join(rootfs_path, "c/d/../../../.././a").unwrap(),
rootfs_path.join("a") rootfs_path.join("a")
); );
assert_eq!( assert_eq!(
scoped_join(&rootfs_path, "../../a").unwrap(), scoped_join(rootfs_path, "../../a").unwrap(),
rootfs_path.join("a") rootfs_path.join("a")
); );
assert_eq!( assert_eq!(
scoped_join(&rootfs_path, "./../a").unwrap(), scoped_join(rootfs_path, "./../a").unwrap(),
rootfs_path.join("a") rootfs_path.join("a")
); );
} }
@ -370,18 +370,18 @@ mod tests {
fs::symlink("b/c", rootfs_dir.path().join("a")).unwrap(); fs::symlink("b/c", rootfs_dir.path().join("a")).unwrap();
let target = rootfs_path.join("b/c"); let target = rootfs_path.join("b/c");
assert_eq!(scoped_join(&rootfs_path, "a").unwrap(), target); assert_eq!(scoped_join(rootfs_path, "a").unwrap(), target);
assert_eq!(scoped_join(&rootfs_path, "./a").unwrap(), target); assert_eq!(scoped_join(rootfs_path, "./a").unwrap(), target);
assert_eq!(scoped_join(&rootfs_path, "././a").unwrap(), target); assert_eq!(scoped_join(rootfs_path, "././a").unwrap(), target);
assert_eq!(scoped_join(&rootfs_path, "b/c/../../a").unwrap(), target); assert_eq!(scoped_join(rootfs_path, "b/c/../../a").unwrap(), target);
assert_eq!( assert_eq!(
scoped_join(&rootfs_path, "b/c/../../../.././a").unwrap(), scoped_join(rootfs_path, "b/c/../../../.././a").unwrap(),
target target
); );
assert_eq!(scoped_join(&rootfs_path, "../../a").unwrap(), target); assert_eq!(scoped_join(rootfs_path, "../../a").unwrap(), target);
assert_eq!(scoped_join(&rootfs_path, "./../a").unwrap(), target); assert_eq!(scoped_join(rootfs_path, "./../a").unwrap(), target);
assert_eq!(scoped_join(&rootfs_path, "a/../../../a").unwrap(), target); assert_eq!(scoped_join(rootfs_path, "a/../../../a").unwrap(), target);
assert_eq!(scoped_join(&rootfs_path, "a/../../../b/c").unwrap(), target); assert_eq!(scoped_join(rootfs_path, "a/../../../b/c").unwrap(), target);
} }
#[test] #[test]

15
src/runtime-rs/Cargo.lock generated
View File

@ -1223,6 +1223,7 @@ dependencies = [
"seccompiler", "seccompiler",
"serde", "serde",
"serde_json", "serde_json",
"shim-interface",
"slog", "slog",
"slog-scope", "slog-scope",
"thiserror", "thiserror",
@ -1919,6 +1920,7 @@ dependencies = [
"safe-path", "safe-path",
"serde", "serde",
"serde_json", "serde_json",
"shim-interface",
] ]
[[package]] [[package]]
@ -2343,6 +2345,7 @@ dependencies = [
"logging", "logging",
"oci", "oci",
"persist", "persist",
"shim-interface",
"slog", "slog",
"slog-scope", "slog-scope",
"tokio", "tokio",
@ -2474,6 +2477,7 @@ dependencies = [
"logging", "logging",
"persist", "persist",
"runtimes", "runtimes",
"shim-interface",
"slog", "slog",
"slog-scope", "slog-scope",
"tokio", "tokio",
@ -2539,12 +2543,23 @@ dependencies = [
name = "shim-ctl" name = "shim-ctl"
version = "0.1.0" version = "0.1.0"
dependencies = [ dependencies = [
"anyhow",
"common", "common",
"logging", "logging",
"runtimes", "runtimes",
"tokio", "tokio",
] ]
[[package]]
name = "shim-interface"
version = "0.1.0"
dependencies = [
"anyhow",
"hyper",
"hyperlocal",
"tokio",
]
[[package]] [[package]]
name = "signal-hook-registry" name = "signal-hook-registry"
version = "1.4.0" version = "1.4.0"

2
src/runtime-rs/crates/hypervisor/src/dragonball/inner_hypervisor.rs
View File

@ -98,7 +98,7 @@ impl DragonballInner {
}; };
for tid in self.vmm_instance.get_vcpu_tids() { for tid in self.vmm_instance.get_vcpu_tids() {
vcpu_thread_ids.vcpus.insert(tid.0 as u32, tid.1 as u32); vcpu_thread_ids.vcpus.insert(tid.0 as u32, tid.1);
} }
info!(sl!(), "get thread ids {:?}", vcpu_thread_ids); info!(sl!(), "get thread ids {:?}", vcpu_thread_ids);
Ok(vcpu_thread_ids) Ok(vcpu_thread_ids)

2
src/runtime-rs/crates/resource/src/network/utils/link/create.rs
View File

@ -119,7 +119,7 @@ pub fn create_link(name: &str, link_type: LinkType, queues: usize) -> Result<()>
fn create_queue(name: &str, flags: libc::c_int) -> Result<(File, String)> { fn create_queue(name: &str, flags: libc::c_int) -> Result<(File, String)> {
let path = Path::new(DEVICE_PATH); let path = Path::new(DEVICE_PATH);
let file = OpenOptions::new().read(true).write(true).open(&path)?; let file = OpenOptions::new().read(true).write(true).open(path)?;
let mut req = CreateLinkReq::from_name(name)?; let mut req = CreateLinkReq::from_name(name)?;
unsafe { unsafe {
req.set_raw_flags(flags as libc::c_short); req.set_raw_flags(flags as libc::c_short);

2
src/runtime-rs/crates/resource/src/network/utils/link/manager.rs
View File

@ -11,6 +11,7 @@ use netlink_packet_route::{
use super::{Link, LinkAttrs}; use super::{Link, LinkAttrs};
#[allow(clippy::box_default)]
pub fn get_link_from_message(mut msg: LinkMessage) -> Box<dyn Link> { pub fn get_link_from_message(mut msg: LinkMessage) -> Box<dyn Link> {
let mut base = LinkAttrs { let mut base = LinkAttrs {
index: msg.header.index, index: msg.header.index,
@ -83,6 +84,7 @@ pub fn get_link_from_message(mut msg: LinkMessage) -> Box<dyn Link> {
ret ret
} }
#[allow(clippy::box_default)]
fn link_info(mut infos: Vec<Info>) -> Box<dyn Link> { fn link_info(mut infos: Vec<Info>) -> Box<dyn Link> {
let mut link: Option<Box<dyn Link>> = None; let mut link: Option<Box<dyn Link>> = None;
while let Some(info) = infos.pop() { while let Some(info) = infos.pop() {

2
src/runtime-rs/crates/resource/src/network/utils/netns.rs
View File

@ -20,7 +20,7 @@ impl NetnsGuard {
let current_netns_path = format!("/proc/{}/task/{}/ns/{}", getpid(), gettid(), "net"); let current_netns_path = format!("/proc/{}/task/{}/ns/{}", getpid(), gettid(), "net");
let old_netns = File::open(&current_netns_path) let old_netns = File::open(&current_netns_path)
.with_context(|| format!("open current netns path {}", &current_netns_path))?; .with_context(|| format!("open current netns path {}", &current_netns_path))?;
let new_netns = File::open(&new_netns_path) let new_netns = File::open(new_netns_path)
.with_context(|| format!("open new netns path {}", &new_netns_path))?; .with_context(|| format!("open new netns path {}", &new_netns_path))?;
setns(new_netns.as_raw_fd(), CloneFlags::CLONE_NEWNET) setns(new_netns.as_raw_fd(), CloneFlags::CLONE_NEWNET)
.with_context(|| "set netns to new netns")?; .with_context(|| "set netns to new netns")?;

4
src/runtime-rs/crates/resource/src/share_fs/mod.rs
View File

@ -88,8 +88,8 @@ impl MountedInfo {
pub fn new(guest_path: PathBuf, readonly: bool) -> Self { pub fn new(guest_path: PathBuf, readonly: bool) -> Self {
Self { Self {
guest_path, guest_path,
ro_ref_count: if readonly { 1 } else { 0 }, ro_ref_count: readonly.into(),
rw_ref_count: if readonly { 0 } else { 1 }, rw_ref_count: (!readonly).into(),
} }
} }

2
src/runtime-rs/crates/resource/src/share_fs/utils.rs
View File

@ -38,7 +38,7 @@ pub(crate) fn share_to_guest(
// to remount the read only dir mount point directly. // to remount the read only dir mount point directly.
if readonly { if readonly {
let dst = do_get_host_path(target, sid, cid, is_volume, true); let dst = do_get_host_path(target, sid, cid, is_volume, true);
mount::bind_remount(&dst, readonly).context("bind remount readonly")?; mount::bind_remount(dst, readonly).context("bind remount readonly")?;
} }
Ok(do_get_guest_path(target, cid, is_volume, is_rafs)) Ok(do_get_guest_path(target, cid, is_volume, is_rafs))

10
src/runtime-rs/crates/resource/src/share_fs/virtio_fs_share_mount.rs
View File

@ -173,11 +173,11 @@ impl ShareFsMount for VirtiofsShareMount {
async fn upgrade_to_rw(&self, file_name: &str) -> Result<()> { async fn upgrade_to_rw(&self, file_name: &str) -> Result<()> {
// Remount readonly directory with readwrite permission // Remount readonly directory with readwrite permission
let host_dest = do_get_host_path(file_name, &self.id, "", true, true); let host_dest = do_get_host_path(file_name, &self.id, "", true, true);
bind_remount(&host_dest, false) bind_remount(host_dest, false)
.context("remount readonly directory with readwrite permission")?; .context("remount readonly directory with readwrite permission")?;
// Remount readwrite directory with readwrite permission // Remount readwrite directory with readwrite permission
let host_dest = do_get_host_path(file_name, &self.id, "", true, false); let host_dest = do_get_host_path(file_name, &self.id, "", true, false);
bind_remount(&host_dest, false) bind_remount(host_dest, false)
.context("remount readwrite directory with readwrite permission")?; .context("remount readwrite directory with readwrite permission")?;
Ok(()) Ok(())
} }
@ -185,18 +185,18 @@ impl ShareFsMount for VirtiofsShareMount {
async fn downgrade_to_ro(&self, file_name: &str) -> Result<()> { async fn downgrade_to_ro(&self, file_name: &str) -> Result<()> {
// Remount readwrite directory with readonly permission // Remount readwrite directory with readonly permission
let host_dest = do_get_host_path(file_name, &self.id, "", true, false); let host_dest = do_get_host_path(file_name, &self.id, "", true, false);
bind_remount(&host_dest, true) bind_remount(host_dest, true)
.context("remount readwrite directory with readonly permission")?; .context("remount readwrite directory with readonly permission")?;
// Remount readonly directory with readonly permission // Remount readonly directory with readonly permission
let host_dest = do_get_host_path(file_name, &self.id, "", true, true); let host_dest = do_get_host_path(file_name, &self.id, "", true, true);
bind_remount(&host_dest, true) bind_remount(host_dest, true)
.context("remount readonly directory with readonly permission")?; .context("remount readonly directory with readonly permission")?;
Ok(()) Ok(())
} }
async fn umount(&self, file_name: &str) -> Result<()> { async fn umount(&self, file_name: &str) -> Result<()> {
let host_dest = do_get_host_path(file_name, &self.id, "", true, true); let host_dest = do_get_host_path(file_name, &self.id, "", true, true);
umount_timeout(&host_dest, 0).context("Umount readwrite host dest")?; umount_timeout(host_dest, 0).context("Umount readwrite host dest")?;
// Umount event will be propagated to ro directory // Umount event will be propagated to ro directory
Ok(()) Ok(())
} }

2
src/runtime-rs/crates/service/src/manager.rs
View File

@ -55,7 +55,7 @@ async fn send_event(
.stdin(Stdio::piped()) .stdin(Stdio::piped())
.stdout(Stdio::piped()) .stdout(Stdio::piped())
.stderr(Stdio::piped()) .stderr(Stdio::piped())
.args(&[ .args([
"--address", "--address",
&address, &address,
"publish", "publish",

2
src/runtime-rs/crates/shim/src/shim_delete.rs
View File

@ -40,7 +40,7 @@ impl ShimExecutor {
let trim_path = address.strip_prefix("unix://").context("trim path")?; let trim_path = address.strip_prefix("unix://").context("trim path")?;
let file_path = Path::new("/").join(trim_path); let file_path = Path::new("/").join(trim_path);
let file_path = file_path.as_path(); let file_path = file_path.as_path();
if std::fs::metadata(&file_path).is_ok() { if std::fs::metadata(file_path).is_ok() {
info!(sl!(), "remote socket path: {:?}", &file_path); info!(sl!(), "remote socket path: {:?}", &file_path);
fs::remove_file(file_path).ok(); fs::remove_file(file_path).ok();
} }

2
src/tools/runk/src/main.rs
View File

@ -105,7 +105,7 @@ fn setup_logger(
.read(true) .read(true)
.create(true) .create(true)
.truncate(true) .truncate(true)
.open(&file)?; .open(file)?;
// TODO: Support 'text' log format. // TODO: Support 'text' log format.
let (logger_local, logger_async_guard_local) = let (logger_local, logger_async_guard_local) =

4
versions.yaml
View File

@ -349,12 +349,12 @@ languages:
rust: rust:
description: "Rust language" description: "Rust language"
notes: "'version' is the default minimum version used by this project." notes: "'version' is the default minimum version used by this project."
version: "1.62.0" version: "1.66.0"
meta: meta:
description: | description: |
'newest-version' is the latest version known to work when 'newest-version' is the latest version known to work when
building Kata building Kata
newest-version: "1.62.0" newest-version: "1.66.0"
golangci-lint: golangci-lint:
description: "golangci-lint" description: "golangci-lint"